WO2019226042A1 - Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device - Google Patents


Info

Publication number
WO2019226042A1
Authority
WO
WIPO (PCT)
Prior art keywords
cots
iot device
tee
iot
tag
Application number
PCT/MY2019/050032
Other languages
English (en)
French (fr)
Inventor
Christopher Leong Yew CHONG
Joel Tay Jin GHEE
Lim Chee Ming
Kon Kar HOU
Original Assignee
Soft Space Sdn Bhd
Application filed by Soft Space Sdn Bhd
Priority to JP2020565801A (JP6926349B2, ja)
Priority to SG11202011225YA (SG11202011225YA, en)
Priority to GB2020524.1A (GB2587746B, en)
Priority to US17/058,061 (US20210209579A1, en)
Priority to CN201980035082.4A (CN112166449A, zh)
Priority to AU2019272261A (AU2019272261A1, en)
Publication of WO2019226042A1 (en)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/308 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using the Internet of Things
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/321 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wearable devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226 Use of secure elements separate from M-devices
    • G06Q20/326 Payment applications installed on the mobile devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q2220/00 Business processing using cryptography
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/0723 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H04W12/108 Source integrity

Definitions

  • the subject matter in general relates to digital payments. More particularly, but not exclusively, the subject matter relates to a COTS/loT device based secure financial payment acceptance method and a device thereof.
  • the method comprises requesting a Trusted Application Manager (TAM) to verify the COTS/loT device identity and executing the application on a COTS/loT device.
  • TAM installs a Trusted Application (TA) in a Trusted Execution Environment (TEE) of the COTS/loT Device.
  • TEE Trusted Execution Environment
  • the COTS/loT device includes a distributed ledger, and wherein the distributed ledger comprises information corresponding to at least one of COTS/loT device ownership, manufacture, and usage information.
  • the information corresponding to the COTS/loT device in the distributed ledger is modified through the TEE.
  • the application is executed in the operating system of the COTS/loT device.
  • the TAM is a remote system which verifies the identity of the COTS/loT device and installs the TA in the TEE of the COTS/loT device.
  • the resonance response is performed multiple times, and a distance of the tag from the COTS/loT device is calculated for each of the multiple resonance responses.
  • the secure financial transaction is initiated in an event a decrease in distance is identified in subsequent resonance responses using the COTS/loT device.
  • the resonance response to calculate the distance is implemented using one or more of light proximity, sound proximity or accelerator in order to determine the relative distance, for the payment processing to begin.
  • the relative distance is configurable and is used for the purpose of fraud detection by ensuring the payment is initiated from a trusted/genuine payment card. The distance may be adjusted to accommodate changes to the guidelines pertaining to payment schemes at present and in future.
  • a COTS/loT device for processing a secure financial transaction.
  • the COTS/loT device is configured to request using the operating system part of the processor, a Trusted Application Manager (TAM) to verify device identity and install a Trusted Application (TA) in a Trusted Execution Environment (TEE) of the COTS/loT Device, Wherein the TEE is isolated from the operating system of the COTS/loT device and runs in parallel on a TEE part of the processor. Further, execute an application on a COTS/loT device.
  • TAM Trusted Application Manager
  • TEE Trusted Execution Environment
  • the COTS/loT device further comprises a distributed ledger, and wherein the distributed ledger comprises information corresponding to at least one of COTS/loT device ownership, manufacture, and usage information.
  • FIG. 1 is an exemplary simple architecture of a Trusted Execution Environment (TEE) system 100 used for secure financial transactions, in accordance with an embodiment of the invention
  • FIG. 2 is an exemplary flow diagram 200 for deploying a Trusted
  • TA in the TEE environment of the COTS/loT device, in accordance with an embodiment of the invention
  • FIG. 3 illustrates an exemplary block diagram of a system 300 for secure financial transactions using a COTS/loT device with added security by incorporating a distributed ledger among the COTS/loT devices, in accordance with an embodiment of the invention
  • Fig. 4A and 4B illustrates an exemplary resonance response and a tag discovery, distance or resonance response time calculation, respectively, in accordance with an embodiment of the invention.
  • FIG. 5 is a flowchart of an exemplary method 500 for processing a secure financial transaction using a COTS/ loT device, in accordance with an embodiment of the invention.
  • the terms“a” or“an” are used, as is common in patent documents, to include one or more than one.
  • the term “or” is used to refer to a non-exclusive“or,” such that“A or B” includes“A but not B,”“B but not A,” and“A and B,” unless otherwise indicated.
  • inventions disclose techniques for secure financial transaction acceptance using a Commercial of-the-shelf (COTS) device or Internet of Things (loT) device.
  • COTS Commercial of-the-shelf
  • LoT Internet of Things
  • embodiments provide a COTS/loT device for processing a secure financial transaction.
  • the COTS/loT device is configured to execute, using an operating system part of a processor, an application on a COTS/loT device. Further, request using the OS part of the processor, a Trusted Application Manager (TAM) to verify and install a Trusted Application (TA) in a Trusted Execution Environment (TEE) of the COTS/IOT
  • TAM Trusted Application Manager
  • the TEE of the COTS/loT device is isolated from the OS environment of the COTS/loT device and both run in parallel. Further, a resonance response is initiated when a tag is within a predetermined distance from the COTS/loT device and the tag information is received from the tag. Further a secure financial transaction is processed using the COTS/loT device based on the received tag information by accessing the TEE part of the processor.
  • the COTS/loT device further comprises a distributed ledger, which comprises information corresponding to at least one of COTS/loT device ownership, manufacture, and usage information.
  • FIG. 1 is an exemplary simple architecture of a Trusted Execution Environment (TEE) system 100 used for secure financial transactions, in accordance with an embodiment of the invention.
  • TEE Trusted Execution Environment
  • OS Operating System
  • TEE Trusted Execution Environment
  • OS Operating System
  • TEE Trusted Execution Environment
  • the sensitive elements of the critical applications may be executed in TEE in isolation from OS application environment. This facilitates extra level of security as the associated code and data may be protected from more vulnerable OS side of the COTS/loT device.
  • TEE Trusted Application
  • the execution of a Trusted Application (TA) in TEE may affect execution of applications in OS, however, execution in the OS cannot interfere with the execution in TEE.
  • the application running on OS may request to execute code or verify tokens/keys through the TEE client API. Further, the TEE may execute respective TA or verify keys/tokens and provide the result to the TEE client API.
  • the COTS/loT devices may include smart phones, laptops, computers, tablets, and smart watches, among other COTS/loT devices known in the art.
  • FIG. 2 is an exemplary flow diagram 200 for deploying a Trusted Application (TA) in the TEE environment of the COTS/loT device, in accordance with an embodiment of the invention.
  • the Trusted Application Manager is a remote server configured to establish communication with the TEE of the COTS/loT device.
  • TAM may also authorize the installation of the Trusted Application in the TEE of the COTS/loT device.
  • TAM may further be configured to push data or other confidential keys for a TA into the TEE.
  • the application store may a platform on which a developer/company may host their applications for download.
  • the users of the COTS/loT devices may download an application from the application store.
  • the typical examples of application store may include Google Play and App Store by Apple, among others.
  • the flow ‘a’ indicates a developer/company involved in developing an application which is hosted in the app store. It shall be understood that, for the sake of simplicity the TAM and developer/company have been grouped into one, however it is always possible that the developer/company may be different from TAM. Also, it shall be noted that the application is signed as a Trusted Application by TAM or Manufactures before moving to TAM.
  • the flow‘b’ indicates creating a security domain after the application is downloaded and running for the first time in the COTS/loT device.
  • the security domain is a place where keys can be stored, where the trusted application when at rest may be encrypted to keep safe.
  • the application requests the TAM to approve the installation of the TA in the TEE.
  • the TAM at flow‘d’ may perform several checks such as verifying the identity of the COTS/loT device, verifying whether it’s a trust worthy end point, and keep a track of the number of trusted applications deployed, among others, and upon positive verification issue a token/key to authorise the installation of TA in the TEE of the COTS/loT device.
  • the TA is installed in the TEE of the COTS/loT device and is safely stored in TEE. Additionally, the TAM may also share some personalisation data to the application.
  • the identifier T indicates the positively verified and installed TA loaded into the TEE of the COTS/loT device.
  • FIG. 3 illustrates an exemplary block diagram of a system 300 for secure financial transactions using a COTS/loT device with added security by incorporating a distributed ledger among the COTS/loT devices, in accordance with an embodiment of the invention.
  • the system 300 includes an COTS/loT device 1.
  • the COTS/loT device 1 includes an application for processing a secure payment by accessing a trusted application (TA) installed in the TEE.
  • the TEE is isolated from the operating system of the COTS/loT device and runs in parallel on a TEE part of the processor.
  • a tag as illustrated in the figure is bought close to the COTS/loT device a resonance response is initiated.
  • the tag may include, but not limited to, for example a credit card, debit card, smart watch, and a smart ring, among other devices capable of storing information pertaining to payment credentials.
  • the resonance response may be initiated only the tag is within a predetermined distance from the COTS/ loT device.
  • the TAG may share the information corresponding to the tag with the COTS/loT device for processing a payment.
  • Fig. 4A and 4B illustrates an exemplary resonance response and a tag discovery, distance or resonance response time calculation, respectively, in accordance with an embodiment of the invention.
  • the TAG is within the range of the actual signal strength‘m’ it may be discoverable by the COTS/loT device.
  • the information for the tag may not be accepted until the tag is within the distance of ‘n’ form the COTS/loT device.
  • the distance of the tag is continuously monitored upon its discovery.
  • the tag information may be received by the COTS/loT device.
  • the financial transaction may be initiated thereafter.
  • different techniques may be adapted to implement a resonance response, for example, but not limited to, using one or more of light proximity, sound proximity and relative distance, among other techniques known in the art.
  • the plurality of COTS/IoT devices may share a distributed ledger among themselves.
  • This may be implemented using state-of-the-art distributed ledger technologies such as, but not limited to, blockchain and Hashgraph, among other technologies.
  • the distributed ledger may include information corresponding to the unique identification number of the COTS/IoT device, ownership of the COTS/IoT device, usage information of the COTS/IoT device, and manufacture information of the COTS/IoT device, among other information.
  • the information needed to access the distributed ledger, such as the private key and other cryptographic material, may also be stored in the TEE, through an update delivered via the TAM to the TA. This enables tracking the ownership details of the device. Crowd leasing may also be facilitated, i.e. allowing ownership of the devices via a "crowd leasing" approach and genuinely identifying each individual party to the lease. The duration of ownership may also be recorded, which enables the returns of the lease to be distributed if desired.
  • the usage/consumption information may include, but is not limited to, the estimated lifespan of the device, automation of maintenance, and charging by usage, among others.
  • FIG. 5 is a flowchart of an exemplary method 500 for processing a secure financial transaction using a COTS/IoT device, in accordance with an embodiment of the invention.
  • the method 500 may be implemented in a COTS/IoT device.
  • the COTS/IoT device is embedded with a unique key during the manufacturing stage.
  • a developer application may be signed by a TAM so that the TA can be installed in the TEE of the COTS/IoT device.
  • a request to install a trusted application in the TEE of the COTS/IoT device may be sent to the TAM.
  • the application may be executed on the COTS/IoT device at step 504.
  • a resonance response may be initiated when a tag is discovered to be within a predetermined distance from the COTS/IoT device.
  • the information from the tag is used to process a secure financial transaction using the COTS/IoT device by accessing the TEE.
  • a distributed ledger such as blockchain or Hashgraph may be implemented to maintain a ledger in all the COTS/IoT devices.
  • the distributed ledger may comprise information corresponding to ownership, usage information, and manufacturer of the COTS/IoT device, among other details.
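The method 500 bullets above describe three checks that matter for security: the TA is installed in the TEE only when it carries the TAM's signature, the transaction is processed only after the tag is found within the predetermined distance, and every ownership and usage event is appended to a shared ledger. The Python below is an added illustration of that flow; it is not code from the patent or from Soft Space Sdn Bhd. Everything in it is an assumption made for the example: the manufacturing key and the TAM key are symmetric HMAC keys standing in for a real signature scheme, the resonance response is reduced to a distance threshold, and the distributed ledger is a single in-memory hash chain rather than a consensus network, so only its append-only and tamper-evidence properties are modelled.

```python
"""Added example (not the patent's own code): a toy model of the FIG. 5 flow.

Assumptions: symmetric HMAC keys stand in for the TAM's signature and the
device's manufacturing key; the "resonance response" is a distance threshold;
the distributed ledger is one hash chain kept by a single device.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample keys for the example; not real secrets.
MANUFACTURING_KEY = b"demo-unique-key-embedded-at-manufacture"
TAM_KEY = b"demo-tam-signing-key"
MAX_TAG_DISTANCE_M = 0.05  # assumed: a tag within 5 cm triggers a response


def tam_sign(ta_code: bytes) -> str:
    """Stand-in for the TAM's signature over a trusted application (TA)."""
    return hmac.new(TAM_KEY, ta_code, hashlib.sha256).hexdigest()


class TEE:
    """Models the trusted execution environment of a COTS/IoT device."""

    def __init__(self, device_key: bytes):
        self._device_key = device_key  # unique key embedded at manufacturing
        self._ta: Optional[bytes] = None

    def install_ta(self, ta_code: bytes, tam_signature: str) -> None:
        """Install the TA only if the TAM's signature verifies."""
        if not hmac.compare_digest(tam_sign(ta_code), tam_signature):
            raise PermissionError("TA rejected: TAM signature does not verify")
        self._ta = ta_code

    def process_transaction(self, tag_info: dict, amount_cents: int) -> str:
        """Return a transaction cryptogram bound to the device key (hex digest)."""
        if self._ta is None:
            raise RuntimeError("no trusted application installed")
        payload = json.dumps({"tag": tag_info, "amount": amount_cents},
                             sort_keys=True).encode()
        return hmac.new(self._device_key, payload, hashlib.sha256).hexdigest()


@dataclass
class LedgerEntry:
    prev_hash: str
    record: dict
    entry_hash: str


class Ledger:
    """Append-only hash chain holding device id, ownership and usage records."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[LedgerEntry] = []

    @staticmethod
    def _hash(prev_hash: str, record: dict) -> str:
        body = prev_hash + json.dumps(record, sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def append(self, record: dict) -> str:
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        h = self._hash(prev, record)
        self.entries.append(LedgerEntry(prev, record, h))
        return h

    def verify(self) -> bool:
        """True only if every entry still chains to its predecessor unchanged."""
        prev = self.GENESIS
        for e in self.entries:
            if e.prev_hash != prev or self._hash(e.prev_hash, e.record) != e.entry_hash:
                return False
            prev = e.entry_hash
        return True


def run_transaction(tee: TEE, ledger: Ledger, device_id: str, tag_distance_m: float,
                    tag_info: dict, amount_cents: int) -> Optional[str]:
    """Respond only when the tag is in range, process via the TEE, record usage.
    Returns the cryptogram, or None when no resonance response is triggered."""
    if tag_distance_m > MAX_TAG_DISTANCE_M:
        return None
    cryptogram = tee.process_transaction(tag_info, amount_cents)
    ledger.append({"device": device_id, "event": "usage",
                   "amount": amount_cents, "cryptogram": cryptogram})
    return cryptogram


def demo():
    """Manufacture, assign ownership, install a signed TA, then try two taps."""
    ledger = Ledger()
    ledger.append({"device": "COTS-0001", "event": "manufacture", "maker": "ExampleCo"})
    ledger.append({"device": "COTS-0001", "event": "ownership", "owner": "merchant-42"})
    tee = TEE(MANUFACTURING_KEY)
    ta = b"payment-ta-v1"
    tee.install_ta(ta, tam_sign(ta))
    far = run_transaction(tee, ledger, "COTS-0001", 1.2, {"uid": "04a1b2"}, 1500)
    near = run_transaction(tee, ledger, "COTS-0001", 0.02, {"uid": "04a1b2"}, 1500)
    return far, near, ledger
```

The two taps in `demo()` show the gating: the tag at 1.2 m produces no response and no ledger entry, while the tag at 2 cm yields a cryptogram and a usage record. Editing any earlier record afterwards makes `Ledger.verify()` fail, which is the property a shared ledger of ownership and usage relies on.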

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Mathematical Physics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
PCT/MY2019/050032 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device WO2019226042A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
JP2020565801A JP6926349B2 (ja) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an Internet of Things device
SG11202011225YA SG11202011225YA (en) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device
GB2020524.1A GB2587746B (en) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device
US17/058,061 US20210209579A1 (en) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device
CN201980035082.4A CN112166449A (zh) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an Internet of Things device
AU2019272261A AU2019272261A1 (en) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2018702015A MY197067A (en) 2018-05-24 2018-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device
MYPI2018702015 2018-05-24

Publications (1)

Publication Number Publication Date
WO2019226042A1 true WO2019226042A1 (en) 2019-11-28

Family

ID=68616131

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2019/050032 WO2019226042A1 (en) 2018-05-24 2019-05-24 Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device

Country Status (9)

Country Link
US (1) US20210209579A1 (ja)
JP (1) JP6926349B2 (ja)
CN (1) CN112166449A (ja)
AU (1) AU2019272261A1 (ja)
GB (1) GB2587746B (ja)
MY (1) MY197067A (ja)
SG (1) SG11202011225YA (ja)
TW (1) TW202004635A (ja)
WO (1) WO2019226042A1 (ja)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210191702A1 (en) * 2018-10-12 2021-06-24 Alibaba Group Holding Limited Blockchain Node Service Deployment Method, Apparatus and System, and Computing Device and Medium
US11520895B2 (en) 2020-12-07 2022-12-06 Samsung Electronics Co., Ltd. System and method for dynamic verification of trusted applications

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11463130B1 (en) * 2021-10-13 2022-10-04 Roku, Inc. Proving physical possession of internet-of-things (IoT) devices

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090288148A1 (en) * 2008-05-13 2009-11-19 Paul Headley Multi-channel multi-factor authentication
US9608829B2 (en) * 2014-07-25 2017-03-28 Blockchain Technologies Corporation System and method for creating a multi-branched blockchain with configurable protocol rules
US20170243193A1 (en) * 2016-02-18 2017-08-24 Skuchain, Inc. Hybrid blockchain
WO2017187397A1 (en) * 2016-04-29 2017-11-02 nChain Holdings Limited Operating system for blockchain iot devices
US9818092B2 (en) * 2014-06-04 2017-11-14 Antti Pennanen System and method for executing financial transactions

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NZ592576A (en) * 2011-04-29 2013-09-27 Jenkin Timber Ltd A fixing system for cladding and a cladded structure
US8817240B2 (en) * 2012-05-25 2014-08-26 Mitutoyo Corporation Interchangeable optics configuration for a chromatic range sensor optical pen
DE102013201730A1 (de) * 2013-02-04 2014-08-07 Bundesdruckerei Gmbh Provision of position data by means of a distance-bounding protocol
WO2014114699A1 (de) * 2013-01-25 2014-07-31 Bundesdruckerei Gmbh Provision of position data by means of a distance-bounding protocol
US9871821B2 (en) * 2014-11-11 2018-01-16 Oracle International Corporation Securely operating a process using user-specific and device-specific security constraints
WO2016132458A1 (ja) * 2015-02-17 2016-08-25 Rakuten, Inc. Mobile terminal, control method and program
WO2016137277A1 (en) * 2015-02-27 2016-09-01 Samsung Electronics Co., Ltd. Electronic device providing electronic payment function and operating method thereof
CN106899552B (zh) * 2015-12-21 2020-03-20 China Telecom Corporation Limited Authentication method, authentication terminal and system
US10515350B2 (en) * 2016-03-15 2019-12-24 Samsung Electronics Co., Ltd. Method and apparatus to trigger mobile payment based on distance
US10705894B2 (en) * 2016-05-30 2020-07-07 Samsung Electronics Co., Ltd. Electronic device for authenticating application and operating method thereof
US20180147552A1 (en) * 2016-11-28 2018-05-31 Sarfaraz K. Niazi Zero gravity process device
CN106682897B (zh) * 2016-12-27 2020-09-08 Nubia Technology Co., Ltd. Device and method for determining NFC payment
US10554634B2 (en) * 2017-08-18 2020-02-04 Intel Corporation Techniques for shared private data objects in a trusted execution environment
US20190340481A1 (en) * 2018-05-02 2019-11-07 Capital One Services, Llc Secure contactless payment method and device with active electronic circuitry

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090288148A1 (en) * 2008-05-13 2009-11-19 Paul Headley Multi-channel multi-factor authentication
US9818092B2 (en) * 2014-06-04 2017-11-14 Antti Pennanen System and method for executing financial transactions
US9608829B2 (en) * 2014-07-25 2017-03-28 Blockchain Technologies Corporation System and method for creating a multi-branched blockchain with configurable protocol rules
US20170243193A1 (en) * 2016-02-18 2017-08-24 Skuchain, Inc. Hybrid blockchain
WO2017187397A1 (en) * 2016-04-29 2017-11-02 nChain Holdings Limited Operating system for blockchain iot devices

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210191702A1 (en) * 2018-10-12 2021-06-24 Alibaba Group Holding Limited Blockchain Node Service Deployment Method, Apparatus and System, and Computing Device and Medium
US11604631B2 (en) * 2018-10-12 2023-03-14 Alibaba Group Holding Limited Blockchain node service deployment method, apparatus and system and computing device and medium
US11520895B2 (en) 2020-12-07 2022-12-06 Samsung Electronics Co., Ltd. System and method for dynamic verification of trusted applications

Also Published As

Publication number Publication date
MY197067A (en) 2023-05-24
TW202004635A (zh) 2020-01-16
SG11202011225YA (en) 2020-12-30
GB2587746A (en) 2021-04-07
AU2019272261A2 (en) 2022-04-14
CN112166449A (zh) 2021-01-01
AU2019272261A1 (en) 2021-01-21
GB2587746B (en) 2023-01-11
JP6926349B2 (ja) 2021-08-25
GB202020524D0 (en) 2021-02-03
JP2021519471A (ja) 2021-08-10
US20210209579A1 (en) 2021-07-08

Similar Documents

Publication Publication Date Title
US10748144B2 (en) System and method for transaction security enhancement
JP7030981B2 (ja) Asset management method and apparatus, and electronic device
US11461498B2 (en) Systems and methods for secured, managed, multi-party interchanges with a software application operating on a client device
US11763305B1 (en) Distributed ledger for device management
JP6321023B2 (ja) Method for providing anti-rollback protection in a device without internal non-volatile memory
KR101492757B1 (ko) Application usage policy enforcement
US11539526B2 (en) Method and apparatus for managing user authentication in a blockchain network
US20210209579A1 (en) Method for processing a secure financial transaction using a commercial off-the-shelf or an internet of things device
US10671730B2 (en) Controlling configuration data storage
US11481509B1 (en) Device management and security through a distributed ledger system
JP2019517698A (ja) Mobile payment method, device and system
US10019577B2 (en) Hardware hardened advanced threat protection
KR20220090537A (ko) Virtual environment type validation for policy enforcement
CN114207613A (zh) Techniques for an incentivized intrusion detection system
JP7445017B2 (ja) Method for detecting forgery or tampering of a mobile application using user identifier and signature collection, computer program, computer-readable recording medium and computer device
JP6337495B2 (ja) Withdrawal or transfer processing method, withdrawal or transfer processing program and withdrawal or transfer processing device
US11494762B1 (en) Device driver for contactless payments
US20240129736A1 (en) Mitigating against spurious deliveries in device onboarding

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19808033

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
ENP Entry into the national phase

Ref document number: 2020565801

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 202020524

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20190524

ENP Entry into the national phase

Ref document number: 2019272261

Country of ref document: AU

Date of ref document: 20190524

Kind code of ref document: A

122 Ep: pct application non-entry in european phase

Ref document number: 19808033

Country of ref document: EP

Kind code of ref document: A1